Week 50, December 11-17, 2023. Cybersecurity Weekly Updates.
This week in the world of cybersecurity:
China-based groups are making headlines with their advanced persistent threats (APTs). The Sandman APT is linked to the KEYPLUG Backdoor, while Russian hackers continue their cyber espionage, targeting multiple nations. The Lazarus Group is also active, using Log4j exploits to deploy dangerous remote access trojans.
In the realm of mobile security, the SpyLoan Scandal reveals how 18 malicious loan apps have defrauded millions of Android users. Similarly, new malware like MrAnon Stealer and Pierogi++ are targeting specific regions and groups, indicating a rise in personalized cyber attacks.
Major companies like Microsoft and Apple are constantly patching critical vulnerabilities, reflecting the ongoing battle against security threats. This includes Microsoft’s fight against hackers exploiting OAuth for cryptocurrency mining and phishing, and Apple’s release of updates to patch iOS and macOS security flaws.
The healthcare sector isn’t immune, with emerging cyber threats challenging the industry’s security measures. Moreover, a significant attack paralyzed Kyivstar, Ukraine’s largest telecom operator, highlighting the impact of cyber warfare on national infrastructure.
On a technical note, new techniques like PoolParty Process Injection are evading top EDR solutions, and the discovery of a critical RCE vulnerability in Apache Struts 2 calls for immediate patching.
Recent Tools and Techniques
These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.
NetProbe is a network probing tool designed to scan and monitor devices within a specified network. It utilizes ARP requests to identify and list details of active devices, providing valuable insights into the IP addresses, MAC addresses, manufacturers, and models of each detected device. NetProbe offers a range of features including the ability to scan specific IP addresses or subnets, display comprehensive device information, and perform live tracking of devices. Users can save scan results for future reference, apply filters based on manufacturer or IP range, and customize the scan rate. This tool is particularly useful for network administrators and security professionals seeking to maintain visibility and control over their network environment.
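The inventory side of what NetProbe describes (ARP-derived IP/MAC records, OUI-based manufacturer lookup, IP-range and manufacturer filters, and a scan-to-scan diff for live tracking) as an added example; this is not NetProbe's own code, no packets are sent, and the OUI table and scan records are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed OUI table (first three MAC octets -> vendor). A real deployment
# would load the IEEE OUI registry; these prefixes are placeholders.
OUI_TABLE = {
    "AA:BB:CC": "ExampleVendorA",
    "DD:EE:FF": "ExampleVendorB",
}

@dataclass(frozen=True)
class Device:
    ip: str
    mac: str

    @property
    def vendor(self) -> str:
        # The first three octets of a MAC form the OUI (manufacturer prefix)
        return OUI_TABLE.get(self.mac[:8], "unknown")

def parse_arp_replies(lines):
    """Parse constructed 'ip mac' reply records into Device objects."""
    devices = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed records rather than aborting the scan
        ip, mac = parts
        try:
            ipaddress.ip_address(ip)  # reject malformed addresses
        except ValueError:
            continue
        devices.append(Device(ip=ip, mac=mac.upper().replace("-", ":")))
    return devices

def filter_devices(devices, subnet=None, vendor=None):
    """IP-range and manufacturer filters, as NetProbe describes."""
    net = ipaddress.ip_network(subnet) if subnet else None
    return [d for d in devices
            if (net is None or ipaddress.ip_address(d.ip) in net)
            and (vendor is None or d.vendor == vendor)]

def new_devices(previous, current):
    """Live-tracking step: MACs seen now but absent from the earlier scan."""
    seen = {d.mac for d in previous}
    return [d for d in current if d.mac not in seen]

# Constructed scan records ("ip mac"), not real network data
SCAN_1 = ["192.168.1.1 aa:bb:cc:00:00:01", "192.168.1.20 dd:ee:ff:00:00:02"]
SCAN_2 = SCAN_1 + ["192.168.1.77 11:22:33:44:55:66", "bad line"]
```

Running `new_devices(parse_arp_replies(SCAN_1), parse_arp_replies(SCAN_2))` flags the unknown-vendor host that appeared between scans, which is the kind of change a network administrator would want to review.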
CloakQuest3r is a Python-based tool designed to identify the actual IP addresses of websites protected by Cloudflare and similar services. It serves as an essential tool for penetration testers, security experts, and web administrators aiming to conduct thorough security assessments. The tool’s primary function is to reveal the real IP address of servers hidden behind security measures using techniques like subdomain scanning. Key features include Real IP Detection, Subdomain Scanning, IP Address History, SSL Certificate Analysis, Threaded Scanning, and Detailed Reporting. These features collectively enhance the efficiency and effectiveness of security investigations, making CloakQuest3r a reliable resource for uncovering obscured vulnerabilities and fortifying web assets.
Mosint is an automated email OSINT (Open Source Intelligence) tool crafted in Go, designed to streamline the process of gathering information about target emails. It integrates various services into a single platform, enabling efficient and rapid data collection. The tool boasts a set of features including fast and simple email-based scanning, email verification, social media account checking, data breach inquiries, and DNS/IP lookups. It supports outputting results into a JSON file for easy analysis and further use. Mosint leverages services like hunter.io, emailrep.io, and HaveIBeenPwned to provide comprehensive data around email-related security inquiries, making it a valuable asset for security researchers and professionals looking to conduct thorough investigations with minimal resource consumption.
That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.
To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.